My name is Ross Hosman and I'm a Cloud Hosting fanatic as well as security geek! I love the idea of Cloud and being able to build massive infrastructures at the click of a button, so much that I have tried nearly every cloud out there. I'm also a security geek so I love looking at new technology to see how it works and how it can possibly be compromised or made more secure with other technologies. These days I spend a lot of time tinkering with technologies like DNSSEC, RASP, Container Security and Automated Security Remediation technologies. I'm currently employed as the Chief Information Security Officer at Drata in Colorado.
In my spare time I really enjoy hiking the beautiful mountains of Colorado and travelling to new places for new adventures!
Ross Hosman
Colorado, US
(720) 808-0222
ross @ ruselabs.com
site: www.ruselabs.com
site: www.ross.is
Chief Information Security Officer • July 2021 - November 2022
Drata is a startup in the security and compliance automation space started in late 2020. Drove product vision to deliver Automated Trust Center and ensured we filed patents for it.
- Built our Security, Compliance and IT teams to support the business going from 30 employees to 300+ in a year
- Built a Zero Trust security architecture while enabling the business
- Defeated external Red Team adversary with no findings and no flags captured
- Achieved SOC1/2/3, ISO27001, HIPAA, PrivacyShield as well as met GDPR and CCPA
- Helped direct the company into a solid growth strategy
Head of Information Security • October 2019 - July 2021
Sigma Computing is a startup based in San Francisco in the Analytics and BI space. We are growing at a unicorn pace with customers in all different market segments adopting our platform. Sigma recruited me to build out the Information Security, IT and GRC (Governance, Risk and Compliance) programs in the company.
- Created an enterprise class security organization from the ground up that could support enterprise clients and their security needs. Focus areas included: Cloud Security, Container Security, Application Security, SaaS Security, Security in the CI/CD pipeline, etc.
- Built out the compliance program to ensure we met SOC 1, SOC 2, SOC 3, and HIPAA requirements.
- Built an IT organization that could support faster internet connectivity, wireless, conferencing, helpdesk and mobile device management.
Head of Information Security • September 2018 - October 2019
Lead, expand and uplift the Information Security and Compliance teams at Recurly. Transition Recurly from a late stage startup with a traditional data center infrastructure model into a company that runs cloud native with a security/compliance program that supports the model. Ensure security/compliance in our cloud environments with cloud native tools and automated remediation.
- Build maturity into the information security and compliance programs.
- Automate security for cloud environments for rapid remediation.
- Enable new compliance initiatives such as SOC 2, GDPR, CCPA, etc.
Head of Cloud Security • October 2016 - September 2018
As the leader for cloud security at JP Morgan Chase I was tasked with building out and leading the cloud security team for one of the largest financial institutions in the world. Our goal was to design/build/implement security solutions for a multi-cloud environment that offered rapid automatic remediation of security issues in a fast paced cloud/container environment.
- Build a team from two people to over 14 cloud professionals, all of whom became AWS Certified Solutions Architects.
- Set and implement a security strategy around automated remediation of security issues in a multi-cloud environment.
- Own security for multiple public cloud, private cloud and container environments.
Sr. Cloud Security Architect • August 2015 - May 2016
Cisco's Intercloud is an ambitious project to bring your clouds together. Cisco Cloud Services is a talented team of people that build these clouds and with the acquisitions of Piston Computing as well as Metacloud we are bringing managed OpenStack to the enterprise along with cutting edge features (e.g. Cisco ACI).
- Lead security Architecture around platform and services (BDaaS, LaaS, NFV, vMS) in a cloud that leverages the latest SDN solutions.
- Work on Anti-DDoS solutions to protect the cloud
- Virtualizing existing security solutions (FW, WAF, etc.)
- Security Log Analytics - SIEM
Cloud Security Architect • May 2014 - August 2015
As part of the VMware OneCloud team I handle all the security architecture design. OneCloud is an internal cloud used by all different departments. Currently it spans three continents and includes over 100,000 virtual machines. Our job is to run VMware products at scale and as part of the R&D division test new code before it is released. My job is to manage the security around the OneCloud product from design to implementation as well as operations. Working with other teams / stakeholders to make sure we are meeting their needs and coming up with new ways to improve our products from a security viewpoint.
- Deploy security stack in an all virtual environment which allows for IPS, DLP, Network Forensics, etc.
- Deploy NGFWs to give better visibility into the traffic that transits our networks
- Work with team members to implement security standards / process
- Work with internal security teams to ensure compliance with corporate standards
- Work with security partners to offer feedback on their products and deploying them at scale
For a full work history please check out my LinkedIn profile here.
Over the years I have had the opportunity to work at many different types of organizations including Government, Telcos and High Tech. This has provided me the ability to learn many different areas in the Information Security field.